Bug 6062

Summary: barracude headers triggers FP on WEIRD_PORT
Product: Spamassassin Reporter: Michael Scheidell <michael>
Component: RulesAssignee: SpamAssassin Developer Mailing List <dev>
Status: NEW ---    
Severity: enhancement    
Priority: P5    
Version: 3.2.5   
Target Milestone: Undefined   
Hardware: Other   
OS: All   
Whiteboard:

Description Michael Scheidell 2009-02-09 08:57:22 UTC
the inclusion of an email forwared from a barracuda, with 'headers' included, and this in the email:


x-barracuda-url:http://10.10.20.91:8000/cgi-bin/mark.cgi

which is possible in every email outbound from a barracuda, rule triggers 'WEIRD_PORT'

suggest excluding '^x-barracuda-url:http' from WEIRD_PORT tests.


rule has low score (0.001) UNLESS BAYES OR NET NOT ACTIVE

score WEIRD_PORT 1.599 1.499 1.089 0.001

(a 1.6 score could block an email from barracuda users, again, only if a full email, with headers is sent)
Comment 1 Karsten Br├Ąckelmann 2009-02-09 09:14:08 UTC
MSECS      SPAM%     HAM%     S/O    RANK   SCORE  NAME WHO/AGE
0.00000   0.0031   0.1054   0.029    0.37    1.60  WEIRD_PORT  

It's an under-performer anyway. Really poor S/O. Probably better to remove it altogether.
Comment 2 Justin Mason 2009-02-09 09:43:22 UTC
(In reply to comment #1)
> It's an under-performer anyway. Really poor S/O. Probably better to remove it
> altogether.

I'd prefer to keep it as an informational rule (locked to 0.0001 or similar).
occasionally it shows up in bad stuff (like phishing) as a good potential
meta subrule.